The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5687 advisory.

    [1:11.0.16.0.8-1.0.1]
    - link atomic for ix86 build

    [1:11.0.16.0.8-1]
    - Update to jdk-11.0.16+8
    - Update release notes to 11.0.16+8
    - Use same tarball naming style as java-17-openjdk and java-latest-openjdk
    - Drop JDK-8284920 patch now upstreamed
    - Print release file during build, which should now include a correct SOURCE value from .src-rev
    - Update tarball script with IcedTea GitHub URL and .src-rev generation
    - Use 'git apply' with patches in the tarball script to allow binary diffs
    - Include script to generate bug list for release notes
    - Update tzdata requirement to 2022a to match JDK-8283350
    - Make use of the vendor version string to store our version & release rather than an upstream release     date
    - Explicitly require crypto-policies during build and runtime for system security properties
    - Resolves: rhbz#2106510

    [1:11.0.16.0.8-1]
    - Add additional patch during tarball generation to align tests with ECC changes
    - Related: rhbz#2106510

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 7 : java-11-openjdk (ELSA-2022-5687)

high Nessus Plugin ID 163396

Version 1.11

Version 1.10

Version 1.9

Version 1.8

Version 1.11 Nov 2, 2024, 5:10 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202411020510
Version 1.10 Oct 23, 2024, 10:51 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202410232251
Version 1.9 Oct 22, 2024, 9:14 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202410222114
Version 1.8 Dec 8, 2022, 4:04 PM CVSS metrics ("CVSSv2 score" changed from "5.0" to "7.8") CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N" to "CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N") CVSSv2 severity (based on CVE-2022-34169, severity increased from "Medium" to "High") Plugin Feed: 202212081604